DOD sketches its diagram of the future

Dave Wennergren, former vice chairman of the CIO Council has been a constant presence at the Defense Department for the past 10 years. He started as deputy CIO and then CIO of the Navy Department, and for the past four years, he served as CIO and deputy assistant secretary of Defense for information management and technology.

DOD is about to undergo a major reorganization of its executive organization under Secretary Robert Gates, including the dissolution of the Office of the Assistant Secretary of Defense for Networks and Information Integration, Wennergren is moving into a new office and a new role. He was recently named assistant deputy chief management officer at the Office of the Deputy Secretary of Defense.

Here is the complete transcript of an interview Wennergren had with staff writer Amber Corrin and editor-at-large Wyatt Kash.It has been edited for clarity and style.

FCW: As you’re looking back over the last decade of your career at the Defense Department, what stands out in your mind?

Dave Wennergren: [Oct 8] was the 10th anniversary of the issuance of the first DOD common access card. I was looking back and thinking, it doesn’t seem like that long ago – at least not most days. But that was a really dramatic undertaking for the Defense Department, to move away from the kind of world we used to live in, where there would have been hundreds of public key infrastructure solutions and dozens of smart cards, none of which would have worked together and all of which would have completely precluded us from getting to a place where we are today where you can do service-oriented architecture and have a look toward the Web 2.0 future. The fact that a decade ago we were able to get the team together and get everyone to align to a single smart card for the entire DOD, and that’s one of my most memorable adventures in the last 10 years of doing CIO work at the Navy and DOD.

To this day I would argue that there’s no smart card/PKI implementation in the world that’s as successful as the one we have in DOD, where there’s 3.5 million people using that card for cryptographic log-in to the network, secure access to websites, signing and encrypt e-mails, having digital signatures and allowing paperless processes. It’s a profound change for the department.

Ten years ago I was the deputy CIO for the Department of the Navy, and I did that job for four years, to 2002. Then I became CIO for DON for four years, until 2006. That was when [former DOD CIO] John Grimes was here at ASD (NII) and asked me to come be his deputy, and I left my happy Navy home to come to DOD. Now I’ve done this job for four years, so there seems to be a pattern emerging. So after three jobs in a row of four-year tenures, I’m about to embark on a new adventure.

FCW: There are a lot of questions about what’s happening at ASD (NII); obviously a lot hasn’t been decided yet. Is there anything you can share about what you think will be happening and what’s being discussed as DOD starts to implement the reform set out by Secretary Robert Gates?

Wennergren: Well, the key issue is that there’s a whole lot of analysis work being done here right now, and we need to give the analysis teams a chance to finish doing their work. But there have been a lot of things being said in the public that may cause some consternation and may not be exactly what the Secretary has said. The Secretary of Defense and Deputy Secretary of Defense [William Lynn], and the chairman of the Joint Chiefs of Staff [Adm. Mike Mullen], have been clear that their goal is to have a strengthened CIO when we’re done. So, we still imagine having a DOD CIO; that CIO will still work directly for the Secretary of Defense; that CIO will have the right set of resources and tools to be able to do the policy, governance, oversight and compliance. It’s still our hope that [California CIO and erstwhile DOD CIO nominee] Teri Takai will become our next DOD CIO.

The reorganization work is designed to do two things. Obviously the Secretary is very serious about getting rid of redundant functions, eliminating unnecessary overhead and creating some significant cost-savings that can be poured back into the DOD mission. But at the same time, we’re adamant about making sure we’ve actually created that defense information enterprise that everyone wants to achieve and that will allow us to really be a truly 21st century organization.

So, stay tuned. The analysis work continues, and the Secretary needs to be able to have the time to see the analysis and come to some final decisions. By the end of the calendar year there should be some good, detailed answers about how we intend to implement the reorganization.

FCW: How is the role of the CIO changing and evolving?

Wennergren: It’s been 14 years since the Clinger-Cohen act; the premise of the act was that organizations can do so much better if they look at information as a strategic asset and think about the power of information-sharing and importance of information security. The basic tenets hold true, but the world has changed an awful lot since then. So it’s really a continuously evolving role for both the public and the private sector. These organizations have to determine the best fit for the specific organization for its CIO role. Looking across the landscape, some CIOs are highly technical, much more involved in traditional communications, networks and tactical kinds of roles. In other organizations, other CIOs are much more involved in the strategy business. Depending on where you are in the organizational chain-of-command, you need both of those kinds of roles.

There have been a lot of changes. CIOs undergoing this look-about and asking, what do I have to offer this organization to help it be effective in the 21st century? Some of the things that may have been big points of focus a dozen years ago have become just the way we do business now – standard operating procedure. Getting infrastructure consolidated and moving away from a world where e-mail isn’t ubiquitously available, those things you used to spend a lot of time on, that’s going to look different in future where it’s a world of taking advantage of service-oriented approaches and Web 2.0 tools. Now you have to consider things like how making information-sharing happen in a world that’s constantly under attack, or promoting secure information-sharing.

You also have to consider where your organization is in its own evolution – are you where DOD was 10 years go, collapsing hundreds of disparate networks or instituting the common access card, or are you further along, trying to figure out how to function in a world of Androids and iPhones and common platforms and cloud computing? Depending on where you are in the evolutionary journey, you have to pick the CIO that has the right skills to get you the next place on the journey. Do you need a CIO who’s a network administrator, or one that’s more part of the core processes and strategic planning for the organization’s mission?

There is this continuing evolution of what it means to be a CIO in the 21st century. It will be interesting to see where it all goes.

Then there are new roles that have sprung up around security – cybersecurity functions, chief information security officers. It’s my belief the chief information security officer has to work directly for the CIO. If those two jobs aren’t tightly aligned and in the same org, you can never hope to be successful in sharing information with unanticipated users while at the same time raising the bar for security for your organization. You’ll be hopelessly bifurcated, and you’ll have security come at the expense of sharing information, and vice versa.

FCW: Do you feel that the effectiveness and ability to make a contribution of the CIO has improved since you first got on the CIO Council?

Wennergren: I think the opportunity to make a difference grows every year. It’s a little like Maslow’s Pyramid – if you’re down at the bottom, that’s where we were when we created the CAC [Common Access Card]. Now that we have a CAC, we can have a legally binding digital signature; without a digital signature, we wouldn’t have been able to move away from paper-based processes. So it’s really foundational stuff that if you don’t get done, you don’t get to work on the cooler stuff we have now. I would argue that CIOs have the ability to make more of a difference more quickly today than in the past, now that the groundwork has been laid.

FCW: What do you see as major hurdles in building up that pyramid?

Wennergren: I can’t underplay the fact that so much is about cultural change – we still have these cultural change issues that get in the way of CIOs being able to move at amazing speed. It usually comes down to one main cultural issue, and that’s personal control.

If you look at the all the value you see in this world of service-oriented architecture and Web 2.0 and cloud computing and all the buzzwords of the day, they all speak to a world where somebody does something for you, where it’s a managed service. Someone else runs the data center or hosts the application. The issue is that we always like to own it ourselves; we don’t like to worry about relying on other people. But this future for us is all about not owning the servers anymore or not building our own systems anymore.

That’s a fundamental change, and that’s the critical issue that’s facing federal agencies and large commercial organizations – moving from an organization of low-trust to an organization of high-trust. That’s the biggest impediment to cracking the code on the speed issue.

FCW: What are some of the other highlights or accomplishments you’ve seen on the CIO Council or in DOD that doesn’t get as much credit as it should?

Wennergren: I’ve been so fortunate to work with such amazing people, so many people working so hard to make a difference. And a lot of the times you only hear about things when there’s a problem or a challenge, but there has been a great turning in the past few years. Getting the CAC was a huge accomplishment, and it put us years ahead of other federal agencies and even ahead of the private sector.

Another accomplishment is the fact that we were able to able to realize that you do not always have to replace a legacy system with a new system – that you could actually look at what the world offers us today and create a net-centric data strategy and a net-centric services strategy that said that if you could decouple the data from your applications, you could do things at network speed. There’s all this work that has been done with communities of interest; that’s come into play in examples like Blue Force Tracking and Maritime Domain Awareness and finding improvised explosive devices.

Now, you can go across the enterprise and make a data service available. You can say, ‘I want to know more about commercial vessels coming into harbors,’ and very quickly overlay that over Google Earth. You can go to any DOD computer, stick your common access card in and call up the Maritime Domain Awareness data services and view any commercial harbor in the world, every commercial vessel coming in, and drill the cargos and crews of those vessels – from any computer.

And that’s all about accessing this information that in the past was walled away in legacy systems but is now exposed and it’s visible, accessible, understandable and trusted. You can use it to make these amazing things happen.

FCW: As you’re transitioning over the management side, do you have a sense of what kind of things you’ll be tackling in your new role?

Wennergren: This is a great next step for me; I’m really excited about the opportunity. If you look at the recent statues requiring the standup of a deputy chief management officer for DOD, that move the work of process change and process re-engineering to the DCMO, you see this added emphasis on optimizing end-to-end processes horizontally across the organization. Over time, we’ve built up really important work vertically, but most of the processes of the organization – say, procure-to-pay or hire-to-retire – these are end-to-end processes that cross functional domains like personnel management, financial management and contracting.

So I’ll be part of a team that comes up with a strategic management plan for the organization – identifying performance measures that determine the progress of plans, determining better end-to-end processes that optimize for faster insertion of technology, reforming IT acquisition.

There’s now an opportunity to move from a world where we used to always just build a big system – and because we’re DOD it became a really, really big system – to developing better processes where it can quickly be ascertained what the desired outcome is, and then determining the different paths to get there, and each path looks different and has speed and agility to get things done. The work that we’re going to be doing in the year ahead is going to help us get capabilities developed and deployed to the warfighter much more rapidly than today.

FCW: Anything that you wish you had more time to work on as a CIO?

Wennergren: I think we’re on the cusp of huge opportunities. If you look at the change that’s happened – a decade ago, we lived on a bunch of local area networks with local applications and everything was just fragmented, so we were building things over and over again. We created barriers to information-sharing because everything was done in these local enclaves. We started to realize that wasn’t the right way to go; then we spun to the ‘one-big-system’ answer, but that’s not the right answer anymore either. Today, the way technology is changing, we have an opportunity to have the best of both worlds. Now we have these core services that are provided to everyone so that every local basin and functional organization doesn’t have to build the solutions themselves.

Now, there’s this combination of consolidation where it makes sense and creates consistency and purpose across the organization, but there’s also the Web 2.0/service-oriented world that allows local innovation and speed. We have to stay with that; that’s going to replace the world of big IT systems.